By Dave Moore, CISSP
10/02/2022
Many tech support and “fix your computer” scams can look legitimate, taking elements from real websites.
Make sure you pay attention to spelling and grammar, though. The “Windows Security Alert,” in its first sentence, reads, “To help protect your computer, Windows Web Secure Kit have detected Trojans…” Really? It have?
Then, there’s “Doctor Antivirus.” The bad guys will offer you a “free download and cleanup.” You’ll tell the thing to scan, and it will launch into a fake scan-looking dog and pony show, complete with alleged file names flashing by real fast, bouncing and color-changing progress bars, and then, at the end, a list of all sorts of problems that have been found.
Next, a box will pop up asking for a credit card number so you can get the full version of Doctor Antivirus, and finish the cleanup. Only problem is, you can’t opt out, nor can you figure out how to remove your “free” trial program. As it turns out, Doctor Antivirus is the virus.
Another scary scam reads, “Alert: Your computer have been attacked…” It’s important to read what’s one the screen before you click.
“Your computer has been locked!” A guy called me one day, said he had a message on his screen from the FBI, and described what he saw. Reading through the message, it accuses the computer owner of awful crimes including child pornography, zoophilia and terrorism. Because of these atrocities, his computer was “locked,” and he needed to pay his fine to the FBI before they would “unlock” it.
I had heard of this scam before, but had no direct contact with it until then. I started checking around, located the exact screen he was looking at, and started reading. It was immediately obvious it was fake, not from the FBI, and was just a scam, but my customer was convinced it was real. I thought for a moment about how to explain the facts without bruising his ego.
“OK, think about this,” I said. “It says the FBI has locked your computer, and you must pay a $200 fine. But, the FBI does not levy fines; courts levy fines.” “OK,” he said slowly. I continued. “Look at the bottom. You are being instructed to go to Walgreens, or CVS, or 7-11 to buy a money card to pay your fine to the FBI. Think about that.” “Oh,” he said.
“We know the FBI does not levy fines,’ I went on, “but I’m pretty sure if the FBI did fine you, they wouldn’t tell you to go to 7-11 to buy a money card, and then come back to your computer, type in the number from the money card, and that’s how you’ll pay your fine and the FBI will unlock your computer.” “Right,” he said.
“I’m also pretty sure,” I said, “that if the FBI fined you for child pornography, zoophilia and terrorism, the fine would be a lot more than $200.” I can’t help but wonder, though, how many people get this message, get in their cars, drive to 7-11, buy a $200 money card, drive back home, type the number from the card into the little box, and click “OK” before they realize they’ve been scammed. Apparently, a lot.
Next week: Internet safety, Step 12: Careful where you click, Part 3.
Dave Moore, CISSP, has been fixing computers in Oklahoma since 1984. Founder of the non-profit Internet Safety Group Ltd, he also teaches Internet safety community training workshops. He can be reached at 405-919-9901 or internetsafetygroup.org